<clever>
on my real system, it doesnt list imported pools
<clever>
that explains why its just "root" there
<clever>
oh wait, i ran that test in the VM by accident, lol
<clever>
not sure what the temp2 refers to
<clever>
aha, so thats how you list un-imported pools, lol
<clever>
pie__: so it should be the original name to boot
<clever>
pie__: the name may be baked into the grub stage 1.5
<clever>
lvm headers contain the list of fragments, and which disk each fragment is on, and it just tells DM to piece it all together and handle the rest
<clever>
and once you decrypt the master key, it just tells device-mapper to handle the rest, with the offset for the ciphertext, and the masterkey
<clever>
all contain the same master key
<clever>
the luks header has multiple key slots, each can be encrypted with a different passphrase (or keyfile)
<clever>
luks and lvm both use device-mapper
<clever>
pie__: dmsetup ls, would have shown lvm anyways
<clever>
yorick: i turned it off in my personal hydra, since the spinning rust is rather slow
<clever>
that example from yesterday, was importing the default.nix within the tar
<clever>
import takes a path (not a bash script) and then returns the nix value within that file
<clever>
pie__: i believe @ is the root of the zfs pool, which would get mounted to /tank in my example
<clever>
pie__: if i ls the partition, i just get the type again, but if i tack a / on, i get all datasets within the pool (and an error), https://i.imgur.com/7yBnKpi.png
<clever>
but i can see it still needing a backdoor for the initial deploy, to set it up
<clever>
dhess: ive also thought about how nixops should manage wireguard for you
<clever>
pie__: installed, booting but not...
<clever>
dhess: but that will run into trouble with any backend that does provisioning for you
<clever>
dhess: wireguard on both the target machine, and also others in its LAN, and then i just mess with the deployip based on whatever is working at the time
<clever>
pie__: i'll need to experiment on my end then...
<clever>
pie__: what about /@/root/ ?
<clever>
pie__: what about `ls (crypto0)/` ?
<clever>
pie__: what about `ls (crypto0)/root` ?
<clever>
and stage 1.5 isnt protected, so its just giving you some false security
<clever>
i dont bother with luks on /boot because you have to enter the password twice
<clever>
it has many slots of keys that can unlock the device
<clever>
that definitely sounds like luks
<clever>
pie__: so you can get rescue mode even if the luks partition was deleted
<clever>
pie__: stage 1.5 isnt inside the luks volume
<clever>
pie__: ls (crypto0) ?
<clever>
pie__: sounds like the luks has been opened successfully
<clever>
pie__: use ls to try and find core
<clever>
pie__: you need to load the core module from the boot fs
<clever>
pie__: but it has no tab completion
<clever>
pie__: insmod should still work
<clever>
pie__: let me poke around with justdoit
<clever>
pie__: ive not tried /boot on zfs yet
<clever>
grub-install is also responsible for embeding the correct drivers for the "boot" partition
<clever>
pie__: and if it cant find that, it falls into rescue mode
<clever>
pie__: when grub-install is ran, the path to the "boot" partition is baked into the stage 1.5 binary
<clever>
pie__: you can just take a photo of the monitor
<clever>
pie__: can you screenshot the error?
<clever>
rprije: just `foo = import <channelname> {};` in a let block and then foo.hello somewhere
<clever>
Athas: or just build it under nix-shell '<nixpkgs>' -A thing
<clever>
Athas: ahh, then you want to either make it fail with `postInstall = "exit 1";` and build with --keep-failed
<clever>
madhukar: i mostly stick to nix-build and nixos-rebuild
<clever>
and nix will set $out to the right path before starting the build
<clever>
Athas: the installPhase should copy everything to $out/bin and $out/lib for example
<clever>
Athas: if you want to modify something in its output, just `nix-build '<nixpkgs>' -A thing` and see where the files are, and then use $out/thatpath in postInstall
<clever>
madhukar: and now that you say that, i can see the differences
<clever>
madhukar: i have it when blogs do that
<clever>
Athas: usually, the working directory is left at the root of the source tree
<clever>
it applies to every argument passed to builtins.derivation { ... }
<clever>
but that magic also applies to buildInputs
<clever>
its just string magic
<clever>
yeah
<clever>
madhukar: you could maybe try xkbOptions = "caps:ctrl_modifier";
<clever>
madhukar: i dont know if a preset exists for that though
<clever>
madhukar: if a preset is available for that, you can enable it like this
<clever>
457 xserver = {
<clever>
458 xkbOptions = "caps:shiftlock";
<clever>
Henson: yep :D
<clever>
thats if you want ignore the warnings
<clever>
so your not seeing that firefox isnt supported on darwin
<clever>
v0id72[m]: Allowunsupport is your problem, its causing un-supported software to try to build anyways
<clever>
v0id72[m]: what is the content of config.nix?
<clever>
v0id72[m]: the package was likely not tested on darwin, and doesnt support it
<clever>
nix will ignore that
<clever>
markasoftware: nix always puts bin in path
<clever>
i dont think a lot of graphical programs from nixpkgs will work when on a mac, its mostly only command-line tools that work
<clever>
the linux version wont work, because it expects a linux kernel
<clever>
why do you want to build the linux version on a mac?
<clever>
nix-env will accept that arg as-is
<clever>
v0id72[m]: what command are you running to build chrome?
<clever>
v0id72[m]: then add --argstr system x86_64-linux
<clever>
v0id72[m]: and that .deb file is the linux build of chrome, not the mac build of it
<clever>
v0id72[m]: i dont think alsa is supported on darwin
<clever>
v0id72[m]: thats the real error
<clever>
#error Header defining endianness not defined
<clever>
v0id72[m]: just pastebin all of the output
<clever>
v0id72[m]: the real error is above that
<clever>
oborot: what error does it give?
<clever>
oborot: i just search via tab completion in `nix repl '<nixpkgs>'`
<clever>
oborot: are you searching for non-free packages?
<clever>
rprije: if you set allowBroken = true; and see what breaks
<clever>
eyJhb: the <nixpkgs> in displaylink.nix is loading 18.09, which may be too old for .extend
<clever>
eyJhb: nix-instantiate '<nixpkgs>' -A lib.version --eval
<clever>
eyJhb: if just ran with nix-build, it should work, what version of nixpkgs are you on?
<clever>
> pkgs.extend
<clever>
2019-06-08 17:25:10 < pie__> if youre doing it in configuration.nix, theres an overlays argument somewhere that you can just pass the (self: super: ...) to
<clever>
eyJhb: can you still pastebin your version of the file?
<clever>
eyJhb: what is the contents of displaylink.nix?
<clever>
yeah, 2 should have given an error
<clever>
it would have shown that the luks device isnt open
<clever>
for 1, it doesnt know if your luks device was misconfigured, or your drive is just slow to appear
<clever>
pie__: boot.debug1devices
<clever>
pie__: try boot.debug1devices this time
<clever>
pie__: one minute
<clever>
pie__: did luks ask for the passphrase before that?
<clever>
pie__: add boot.shell_on_fail to the kernel cmdline in grub
<clever>
pie__: can you get a shell there?
<clever>
pie__: how far is it booting, and where is it hanging?
<clever>
pie__: legacy requires mounting with the mount command, and on nixos, thats via fileSystems.
<clever>
this will display the mountpoint (and a lot of other stuff) for every filesystem
<clever>
zfs list -t filesystem -o name,used,referenced,logicalused,logicalreferenced,written,usedbysnapshots,usedbydataset,refcompressratio,compressratio,compression,mountpoint
<clever>
ah
<clever>
pie__: did you cleanly export it before shutting down the installer?
<clever>
elvishjerricco: ^^
<clever>
pie__: every FS in the fileSystems config, is automatically a supportedFilesystem
<clever>
iqubic: callPackage is what calls that function
<clever>
iqubic: that is defining a function, that takes 2 arguments
<clever>
heck, i cant even complete > existing-file on some stuff!
<clever>
pie__: ive found a lot of others stop you from completing what would have been normal things
<clever>
pie__: haskell has a nice one, but you still have to tell the parser if something is a file, enum, or whatever
<clever>
pie__: thats why i never use tab completion, its tends to be sloppy
2019-06-07
<clever>
yes
<clever>
and that wont make xmonad visible to other things
<clever>
zeta_0: there wasnt an error in that last pastebin
<clever>
zeta_0: yep, it works
<clever>
zeta_0: ah, it was --recompile
<clever>
zeta_0: only xmonad will be able to see it, during --reload, but it wont make it visible to other things
<clever>
zeta_0: you may want to add xmonad to the ghcWithPackages near the top of the file
<clever>
zeta_0: its not in scope for hie, only xmonad itself
<clever>
zeta_0: looks like that is going to fix things for the `xmonad --reload` thing, but it wont make xmonad available to the editor
<clever>
zeta_0: ghc based libraries cant be found when installed, you must be using a variant of ghcWithPackages that includes the library in question
<clever>
zeta_0: ive only heard of it working via services.xserver.windowmanager.xmonad.enable, which deals with wrapping it so it can find XMonad
<clever>
5 seconds late
<clever>
zeta_0: ive only heard of it working via services.xserver.windowmanager.xmonad.enable, which deals with wrapping it so it can find XMonad
<clever>
there isnt much point in trying to stop them from having "root"
<clever>
if somebody can nixos-rebuild or nixops deploy, they basically have root
<clever>
not_a_robot: or put an ssh keypair on root
<clever>
not_a_robot: sudo -i
<clever>
not_a_robot: you might as well just allow everything with sudo, because that allows an attacker to just change sudo.extraRules
<clever>
pie__: and once its built once,hydra will cache the result, and never build it again
<clever>
pie__: that sha1 collision wont give you what you want, it can only give a binary output
<clever>
o1lo01ol1o: if you give this some json descripbing the submodules, it can fetch the private repo